All system files, programs, and directories must be owned by a system account.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215183 | SRG-OS-000259-GPOS-00100 | AIX7-00-001018 | SV-215183r991560_rule | 2026-02-06 | 3 |
Description
Restricting permissions will protect the files from unauthorized modification.
ℹ️ Check
Check the ownership of system files, programs, and directories by running the following command:
# ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin
If any of the system files, programs, or directories are not owned by a system account, this is a finding.
Note: For this check, the system-provided "ipsec" user is considered to be a system account.
✔️ Fix
Change the owner of public directories to "root" or an application account using the following command:
# chown root </public/directory>
Note: Replace "root" with an application user as necessary.